Recently, electronic apparatuses, especially portable electronic apparatuses (e.g., mobile phones, tablet computers, etc.) installed with an operating system become increasingly popular. Correspondingly thereto, the number of applications running on the operating system of the electronic apparatuses also has an exponentially explosive growth. Taking iOS system and Android system as examples, the applications on the systems exceed 60,0000 and 40,0000 at present, respectively.
Although a huge number of applications bring about more options for a user, the attendant security issues are also worthy of attention. Taking Android system as an example, part important functions of the system are provided by way of a service interface, for example, contact information is read through a data source service (i.e., a process of the system which is loaded with an object of the data source service and provides an interface), and any program needing to read the contact information needs to apply to the service for reading the contact information via the interface.
The interface of such a service is based on the Binder communication mechanism, and the flow of calling the interface is as follows: an application issues an interface request for a service and sends the name of the service and the sequence number of the interface→a total service router queries about the service, registers the caller and lets it wait→the total service router assigns the request of a client to a particular service→the particular service performs a call for its own interface→the particular service returns the result of the call→the total service router gets the result and returns it to the registered application→the client program gets the result of the interface request.
At present, the Android system itself does not have a mechanism of interception, and just informs a user of the system that a program may access some services before the program is installed, but it does not judge whether an application program is a malicious program or not. Currently, there are some schemes which intercept malicious programs. For example, an interception is implemented by way of registering a false service to the system. However, such a way will leave an obvious false service name in the system where an interception is performed, which will be very easily found by a malicious program and cause the interception to fail.